TheSupe87 - Fotolia

News Stay informed about the latest enterprise technology news and product updates.

Is consumer data privacy at risk under cybersecurity legislation?

#GRCChat participants discuss how cybersecurity legislation could hurt data privacy and what personal information protections should be included in the new rules.

New U.S. cybersecurity legislation designed to prevent future data breaches continues to be debated by U.S. legislators, and consumer privacy remains a sticking point. Bills such as the Protecting Cyber Networks Act (PCNA) propose systems for private companies to share information about cyber threats with government agencies. Opponents fear that including this type of information sharing in cybersecurity legislation will hurt privacy by helping the U.S. government collect consumer data for law enforcement or surveillance purposes.

Proposed cybersecurity bills such as PCNA continue to raise questions about what U.S. citizens are willing to give up to prevent massive data breaches that have become the norm. Most agree that there should be some sort of cybersecurity legislation, but consumer data privacy remains a major priority. In this #GRCChat recap, participants discuss how cybersecurity legislation could affect privacy and what precautions should be taken to protect consumer data.

Will data sharing policies proposed in cybersecurity legislation hurt consumer privacy? Why or why not?

Although cybersecurity legislation is meant to protect consumer privacy, some think that it would actually undermine it. Detractors of cybersecurity legislation specifically worry about the amount of consumer data that would be available to the government should proposed bills become law. #GRCChat participants acknowledged privacy is a legitimate concern, but added that data sharing stipulations may be necessary:

Although some #GRCchat-ters agreed that cybersecurity legislation is needed, they added that current proposed legislation is lacking from a consumer privacy standpoint:

The lack of a consumer presence wasn't the only fault found with proposed cybersecurity legislation. Participants thought that bills often demonstrated a lack of knowledge regarding technology and suggested that more experts should be consulted when creating cybersecurity legislation:

What privacy protections must be in cybersecurity legislation to ensure consumer data is not violated?

Participants discussed how some consumer data privacy sacrifices might be necessary to protect information under cybersecurity legislation, but added there is still a need for controls on what exactly the government can and cannot do with consumer data.

One participant stated that cybersecurity legislation still has a long way to go, especially when it comes to transparency:

SearchCompliance site editor Ben Cole advocated for finding the right mix of government involvement and privacy protection, before pointing out the problem that innovation presents: New tech could either provide more security, or create new opportunities for data breaches.

How do you think cybersecurity legislation will affect consumer data privacy? Sound off in the comments section below.

Next Steps

Security information sharing needed, says government cybersecurity experts

Finding the line between data analytics and consumer data privacy

A look at past cybersecurity legislation with the Cybersecurity Act of 2009

Dig Deeper on Risk management and compliance

Join the conversation


Send me notifications when other members comment.

Please create a username to comment.

Do you think new cybersecurity legislation threatens consumer data privacy?
Absolutely.  Any door that is opened for law enforcement or intelligence agencies on purpose, even friendly ones, is likely something that foreign enemies, crooks, and hackers could also exploit.
Wow, I had never thought of the angle that cybersecurity laws could actually be used to collect consumer data for the government. If you're the paranoid type, makes you wonder how many of the recent hacks our government was behind.
After watching the presidential debate last night, I am left wondering if our government understands that legislation that mandates keys, makes us all vulnerable.  (Did not the Battlestar Galactica reboot teach us that very thing?)
The lack of privacy protection shows that the people promoting this legislation either do not fully understand the potential impact it will have on the privacy of those it supposedly protects or they do not care. Given their track record, it’s most likely the latter.
Privacy advocates are certainly concerned about the details of the Cybersecurity Act of 2015, which was included in the Omnibus Spending Bill when it passed last week. The cybersecurity Act portion is an updated version of the Cybersecurity information Sharing Act that has been debated for years, and encourages information sharing between the public and private sector to improve cybersecurity. Privacy advocates are concerned it will allow organizations and federal authorities to avoid privacy standards and civil liberties. They are also unhappy about the cybersecurity act was built into the Omnibus bill, where the cybersecurity portion was unlikely to be debated on its own merits.
Agreed. I'm very nervous about the new powers our government is accumulating.